Secure your REST APIs with Spring Security & Symmetric Key Encryption

  • Published 29 Dec 2024

COMMENTS • 35

  • @pedjango
    @pedjango 1 year ago +10

    Absolutely in love with this Spring Security series. It would be awesome to expand these lessons with the utilization of refresh tokens.

  • @famoniri
    @famoniri 1 year ago +11

    Hi Dan, thank you for your useful video. In the "SecurityConfig" class, the `jwt()` method in `OAuth2ResourceServerConfigurer` has been deprecated since version 6.1. To resolve this, I used the `.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))` configuration and it worked for me.

  • @pejko89
    @pejko89 1 year ago +1

    Great timing! Just got instructions from my mentor to learn about JWT tomorrow, and implement it in my project! Thank you!

  • @minilord11
    @minilord11 1 year ago +1

    A followup video about refresh token would be awesome.

  • @jackla84
    @jackla84 1 year ago +1

    Great tutorial. Could you expand on this topic and demonstrate how to implement logout functionality and refresh tokens?

  • @markostrisko2370
    @markostrisko2370 1 year ago +3

    Hi Dan, great video as always.
    I have one question though.
    At 17:00, when creating a @Bean for JwtDecoder, in SecretKeySpec constructor, you are setting "RSA" as algorithm.
    Correct me if I'm wrong, but isn't that an asymmetric key encryption?
    Shouldn't we pass something like HmacSHA512?
    Thanks in advance

    • @girishanker3796
      @girishanker3796 1 month ago

      I have the same doubt. I was expecting a HMAC but RSA was written. But does this have something to do with sharing the secret key or something where we use the Asymmetric key encryption to do that (Diffie Hellman).

  • @javohirsayfullayevich7127
    @javohirsayfullayevich7127 1 year ago

    Well done, Thanks Dan

  • @ram0973
    @ram0973 1 year ago

    Nice shirt. And lesson of course 👍

  • @alexandroslekkas
    @alexandroslekkas 10 months ago

    Very cool, thank you!

  • @joachimdietl6737
    @joachimdietl6737 1 year ago

    Nice video!

  • @asiripramodaya
    @asiripramodaya 2 months ago

    thank you so much sir

  • @void_star_void
    @void_star_void 1 year ago +4

    Nicely done, may I know your IDE theme?

    • @devforlife5696
      @devforlife5696 1 year ago

      He's using new beta layout in appearance. Enable beta will give new appearance to IDE just like this. Wanna know his theme also ;)

  • @AleksandarT10
    @AleksandarT10 1 year ago +1

    Great video, this is what we needed.
    It would be great if you can build on top of this one so UsernamePasswordAuthenticationFilter is used along with PostgresDB!

  • @sergiopuccini
    @sergiopuccini 1 year ago +1

    Thanks for video! But how to refresh key?

  • @wagnerfaria1601
    @wagnerfaria1601 1 year ago +1

    How would you write a refresh token method for that application?

  • @anuragreddy9177
    @anuragreddy9177 1 year ago

    Could you please make a video on common exception library for Spring Webflux projects

  • @derBobby2
    @derBobby2 1 year ago

    What is the advantage of the JWT over just using basic auth here if both endpoints are in the same application?

  • @AwkwardFX
    @AwkwardFX 1 year ago

    Hey Dan, what is securityMatcher? How is that different from requestMatcher?

  • @blacky8986
    @blacky8986 7 months ago

    And how to use the symmetric key if I have auth server and resource server in one app :) ?

  • @ayushjaiswal4449
    @ayushjaiswal4449 1 year ago

    In the given implementation we are using basic login where credential is supplied using authorize header but if we want to do so by using a rest end point how can I do that, anyone please guide.

  • @mlensment
    @mlensment 1 year ago

    Nicely done, Dan! Can you do a tutorial about oauth2Client + JWT?

  • @ilyatemnikov9624
    @ilyatemnikov9624 1 year ago

    Hi Dan! (sorry for my bad English). I have watched carefully some of your videos about security, there is one small problem: when restarting the application all the tokens previously issued become invalid. I will be very glad and grateful if you tell me how to solve this problem or make a video like "jwt for production"! I am immensely grateful for your channel, thank you!

    • @nb-th7kr
      @nb-th7kr 1 year ago

      you would probably need to store your active tokens in a persistent data storage

  • @shahinit
    @shahinit 1 year ago

    Thanks

  • @doh2535
    @doh2535 1 year ago

    What's going on with ur teeth? Why are they so white?))

  • @mrowox
    @mrowox 1 year ago +3

    Thank you so much for this short and concise tutorial Dan. However, I encountered an error while following along with the tutorial. I get an error when I try to encode with HS512 algorithm. HS256 works fine. The error is below
    [Request processing failed: org.springframework.security.oauth2.jwt.JwtEncodingException: An error occurred while attempting to encode the Jwt: Failed to sign the JWT -> The HS512 algorithm is not allowed or supported by the JWS signer: Supported algorithms: [HS256]] with root cause
    com.nimbusds.jose.JOSEException: The HS512 algorithm is not allowed or supported by the JWS signer: Supported algorithms: [HS256]

    • @hschaeufler
      @hschaeufler 1 year ago +1

      Had the same issue. Your key is probably not long enough.

    • @mrowox
      @mrowox 1 year ago +1

      Wow thanks for pointing that out

    • @balaji3229
      @balaji3229 1 year ago

      @hschaeufler How do we generate the correct key?

    • @alexgutjahr
      @alexgutjahr 5 months ago +2

      Probably longer than needed, but with the openssl utility you can do the following
      `openssl rand -base64 64`
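
The key-length issue discussed in the HS512 thread above, as an added example that is not part of the video or of any comment. It uses only the JDK; the class and method names are hypothetical, the short secret is a constructed sample, and the thresholds follow RFC 7518 section 3.2 (the HMAC key must be at least as long as the hash output).

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacKeyLengthCheck {

    // RFC 7518 section 3.2: HS256/HS384/HS512 need a key of at least 256/384/512 bits.
    static List<String> allowedAlgorithms(byte[] secret) {
        int bits = secret.length * 8;
        List<String> allowed = new ArrayList<>();
        if (bits >= 256) allowed.add("HS256");
        if (bits >= 384) allowed.add("HS384");
        if (bits >= 512) allowed.add("HS512");
        return allowed;
    }

    // Java counterpart of `openssl rand -base64 64`: random bytes, Base64-encoded for storage.
    static String generateBase64Key(int numBytes) {
        byte[] raw = new byte[numBytes];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a 32-character secret used as raw bytes is only 256 bits.
        byte[] shortSecret = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        System.out.println("32-byte secret: " + allowedAlgorithms(shortSecret));

        // Decode before use: the Base64 text is 88 characters, the key itself is 64 bytes.
        byte[] longSecret = Base64.getDecoder().decode(generateBase64Key(64));
        System.out.println("64-byte secret: " + allowedAlgorithms(longSecret));

        // The JCA name for the HS512 MAC is HmacSHA512; the key spec carries the same label.
        SecretKeySpec key = new SecretKeySpec(longSecret, "HmacSHA512");
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(key);
        byte[] tag = mac.doFinal("header.payload".getBytes(StandardCharsets.UTF_8));
        System.out.println("HS512 tag length: " + tag.length + " bytes");
    }
}
```

A secret loaded from configuration should be length-checked this way at startup, so a short key fails the deployment instead of surfacing as a signing error on the first token request.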